The article explains how to grant Cloudaware additional permissions, such as to Google Organizations or Google Billing accounts, and create a custom role for backups and tagging. Ensure you have the necessary permissions in Google Cloud.
Google Organizations
For Cloudaware to collect Google Organizations and related data, assign the role 'Viewer' to the service account added to Cloudaware. The following permissions are required:
Organization Role Viewer
Folder Viewer
Organization Viewer
Organization Policy Viewer
Project Viewer
Click Save.
Assign the 'Project Viewer' role on the organization level for Cloudaware to automatically add and collect Google Projects within a Google Organization.
Google Billing Accounts
For Cloudaware to collect Google Billing Accounts, assign the role 'Billing Account Viewer' to the service account* that has access to billing accounts in question.
1. Go to Billing.
2. Go to the tab 'My Billing Accounts'. Check the box near the billing account. Click Add Principal on the right to manage permissions.
3. Select the service account* and assign the role Billing Account Viewer → Save.
*Note that the service account should be added to Cloudaware. See the guide
Custom role for backups or tagging
To use backups and tagging, create a custom role and assign it to the Cloudawareservice account :
Go to IAM & admin, select "Roles" and click +Create Role.
Add the name and the description of the custom role. Set 'Role launch stage' as General Availability and click + Add Permissions.
Select the following permissions:
For backups | For labels (tags) |
|---|---|
|
|
Click CREATE.
Assign the custom role to the service account: IAM & admin → IAM → select the service account → click the pencil icon to edit principal → ADD ANOTHER ROLE → Custom → Cloudaware Custom Role → SAVE.